July 17, 2007 18:17 World Scientific Review Volume - 9.75in x 6.5in damiani-samarati Chapter 1 Privacy in the Electronic Society: Emerging Problems and Solutions * Claudio A. Ardagna, Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati Dipartimento di Tecnologie dell’Informazione Universit` a degli Studi di Milano 26013 Crema - Italy {ardagna,cremonini,damiani,decapita,samarati}@dti.unimi.it As the global information infrastructure is becoming more ubiquitous, dig- ital business transactions are increasingly performed using a variety of mobile devices and across multiple communication channels. This new service-oriented paradigm is making the protection of privacy an increasing concern, as it relies on rich context representations (e.g., of location and purpose) and requires users to provide a vast amount of information about themselves and their behavior. This information is likely to be protected by a privacy policy, but restrictions to be enforced may come from different input requirements, possibly under the control of different authorities. In addition, users retain little control over their personal information once it has been disclosed to third parties. Secondary usage regula- tions are therefore increasingly demanding attention. In this paper, we present the emerging trends in the data protection field to address the new needs and desiderata of today’s systems. 1.1. Introduction Today’s digital business processes increasingly rely on services accessed via a va- riety of mobile devices and across multiple communication channels [2]. Also, terminal devices are now equipped with sensors capable of collecting information from the environment, such as geographical positioning systems (GPS), providing a rich context representation regarding both users and the resources they access. This representation includes potentially sensitive personal information, such as the users’ purpose, geographical location, and past preferences. While collecting and exploit- ing rich context data is indeed essential for customizing network-based processes and services, it is well known that context records can be misused well beyond the original intention of their owners. Indeed, personal information is often disclosed * A preliminary version of this paper appeared under the title “Privacy in the Electronic Society,” in Proc. of the International Conference on Information Systems Security (ICISS 2006), Kolkata, India, December 19-21, 2006 [1]. 1